How long has this been going on? Star's site infected

From the description of the hack I would have expected Sophos to have been detecting the site as Mal/Iframe-F. Naturally, I visited the site, in a secure manner, to see what I could see. Unfortunately, I didn't see an Iframe as described.

What I did see was a heavily obfuscated script injected into the page that references an iframe. A quick analysis of the obfuscated script revealed that it adds an iframe to the page to load content from a remote site (blacklisted for Sophos customers since Oct 7th). The WHOIS record that remote site strangely says:
Address : 56/2 Sun str.
City : Dallas
Province/State : beijing

This morning I wrote detection for the obfuscated script, as Troj/Iframe-DD.

After further digging on our systems we have seen multiple infections on this site: